class LoginController < ApplicationController
 # 同样使用post模板，即front界面

 layout 'posts'

 before_filter :authorize, :except => :login
# 使用postback处理， GET请求，就是空表单，如果包含数据，就是POST请求。

  def login
    session[:user_id] = nil
    user = User.authentication(params[:name], params[:password])
    
      if user
        session[:user_id] = user.id
        redirect_to( :controller => "admin/users" , :action => "index")
      else
        flash[:notice] = "Invalid userName/password combination"
      end
    
  end

  def logout
      session[:user_id] = nil
      flash[:notice] = "Logged out"
      redirect_to( :action=> 'login')
  end
  
end
